package cn.edu.tsinghua.training.jsp.demo.servlet;

import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.edu.tsinghua.training.jsp.demo.util.DB;

public class UserServlet extends HttpServlet {

	/**
	 * SQLite
	 */
	private static final long serialVersionUID = 1L;
	
	@Override
	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
			throws ServletException, IOException {
		doPost(req, resp);
	}
	
	@Override
	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
			throws ServletException, IOException {
		String action = req.getParameter("action");
		if (action.equals("login")) {
			login(req, resp);
		}
		if (action.equals("register")) {
			register(req, resp);
		}
		if (action.equals("logout")) {
			logout(req, resp);
		}
	}
	
	private void login(HttpServletRequest req, HttpServletResponse resp)
			throws ServletException, IOException {
		
		String username = req.getParameter("username");
		String password = req.getParameter("password");
		
		Connection connection = null;
		PreparedStatement preparedStatement = null;
		ResultSet resultSet = null;
		try {
			connection = DB.getConnection();
			String sql = "select * from user where username=? and password=?";
			preparedStatement = connection.prepareStatement(sql);
			preparedStatement.setString(1, username);
			preparedStatement.setString(2, password);
			resultSet = preparedStatement.executeQuery();
			
			if (resultSet.next()) {
				req.getSession().setAttribute("username", username);
				resp.sendRedirect("home.jsp");
			} else {
				req.setAttribute("message", "Error.");
				req.getRequestDispatcher("index.jsp").forward(req, resp);
			}
		} catch (SQLException e) {
			e.printStackTrace();
		} finally {
			DB.close(resultSet, preparedStatement, connection);
		}
	}
	
	private void register(HttpServletRequest req, HttpServletResponse resp)
			throws ServletException, IOException {
		
		String username = req.getParameter("username");
		String password = req.getParameter("password");
		
		Connection connection = null;
		PreparedStatement preparedStatement = null;
		try {
			connection = DB.getConnection();
			String sql = "insert into user(username, password) values(?, ?)";
			preparedStatement = connection.prepareStatement(sql);
			preparedStatement.setString(1, username);
			preparedStatement.setString(2, password);
			preparedStatement.executeUpdate();
			resp.sendRedirect("index.jsp");
		} catch (SQLException e) {
			e.printStackTrace();
		} finally {
			DB.close(null, preparedStatement, connection);
		}
	}
	
	private void logout(HttpServletRequest req, HttpServletResponse resp)
			throws ServletException, IOException {
		req.getSession().invalidate();
		resp.sendRedirect("index.jsp");
	}

}
